X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/b015846a1693658602fe71deefc1ce3307fc26fe..4090d62a4b25782129cc1643596dc2f6e8f63bde:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 564169404..a2d9339c1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -5,6 +5,65 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.89+fixes +----------------------- +Cherry-Picked from the master development branch +------------------------------------------------- + +HS/01 Cleanup, prevent repeated use of -p/-oMr (CVE-2017-1000369) + +JH/06 Default openssl_options to include +no_ticket, to reduce load on peers. + Disable the session-cache too, which might reduce our load. Since we + currrectly use a new context for every connection, both as server and + client, there is no benefit for these. + GnuTLS appears to not support tickets server-side by default (we don't + call gnutls_session_ticket_enable_server()) but client side is enabled + by default on recent versions (3.1.3 +) unless the PFS priority string + is used (3.2.4 +). + +JH/07 Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously + the check for any unsuccessful recipients did not notice the limit, and + erroneously found still-pending ones. + +JH/19 Bug 2141: Use the full-complex API for Berkeley DB rather than the legacy- + compatible one, to avoid the (poorly documented) possibility of a config + file in the working directory redirecting the DB files, possibly correpting + some existing file. CVE-2017-10140 assigned for BDB. + +JH/20 Bug 2147: Do not defer for a verify-with-callout-and-random which is not + cache-hot. Previously, although the result was properly cached, the + initial verify call returned a defer. + +JH/21 Bug 2151 (partial): + Avoid using SIZE on the MAIL for a callout verify, on any but + the main verify for receipient in uncached-mode. + +JH/26 Fix DKIM bug: when the pseudoheader generated for signing was exactly + the right size to place the terminating semicolon on its own folded + line, the header hash was calculated to an incorrect value thanks to + the (relaxed) space the fold became. + +JH/27 Fix SOCKS bug: an unitialized pointer was deref'd by the transport process + which could crash as a result. This could lead to undeliverable messages. + +JH/15 Fix a crash in the smtp transport caused when two hosts in succession + are unsuable for non-message-specific reasons - eg. connection timeout, + banner-time rejection. + +JH/29 Fix queue_run_in_order to ignore the PID portion of the message ID. This + matters on fast-turnover and PID-randomising systems, which were getting + out-of-order delivery. + +JH/30 Fix a logging bug on aarch64: an unsafe routine was previously used for + a possibly-overlapping copy. The symptom was that "Remote host closed + connection in response to HELO" was logged instead of the actual 4xx + error for the HELO. + +JH/34 Bug 2199: fix a use-after-free while reading smtp input for header lines. + A crafted sequence of BDAT commands could result in in-use memory beeing + freed. + + Exim version 4.89 -----------------